Given a network application such as a Domain Name System (DNS) server, how does an active attacker take control of the application, and possibly of the machine on which the application runs? The attacker first injects a piece of code into the victim application, and then hijacks its locus of execution by transferring the program's control to the injected code. Once the injected code takes control, it can wreak havoc on the underlying system: forking a shell process, reading files, deleting files, communicating with the outside world, etc. Fundamentally, such attacks are possible because they exploit flaws in the computer system, which include software design and implementation bugs, configuration mistakes, and operator errors.
Mobile code refers to programs that come into an enterprise system not through an official installation process, but through various ad hoc channels: email attachments, web pages, ftp payloads, etc. In every case it is a user who, often unknowingly, invokes the mobile code embedded in these contents. Because a piece of mobile code is started on behalf of the user who invokes it, it executes with the privileges of that user, and is thus allowed to delete the user's files, scan the user's address book, send email messages, etc.
The difference between active and passive attacks lies in how a piece of code is injected into the victim system and eventually gets started. Once the injected code runs, the two kinds of attack behave the same from that point onward. Given that the injected code is able to issue whatever system calls it desires, the only way for a victim system to escape lasting damage is to have the ability to erase all the updates that the attacker induced, directly or indirectly.
Based on the above analysis, a comprehensive enterprise protection system should consist of the following elements: